CVE-2024-1725
published 2024-03-07
medium, 6.5, CVSS 3.1
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
A flaw was found in the kubevirt-csi component of OpenShift Virtualization's Hosted Control Plane (HCP). This issue could allow an authenticated attacker to gain access to the root HCP worker node's volume by creating a custom Persistent Volume that matches the name of a worker node.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | kubevirt_csi-driver | >= 0 < 0.0.0-202403081943-cc28dcbb0afc14 | 0.0.0-202403081943-cc28dcbb0afc14 |
| redhat | openshift_container_platform | — | — |
| redhat | openshift_container_platform | — | — |
| redhat | openshift_container_platform | — | — |
| redhat | openshift_container_platform_for_arm64 | — | — |
| redhat | openshift_container_platform_for_arm64 | — | — |
| redhat | openshift_container_platform_for_arm64 | — | — |
| redhat | openshift_container_platform_for_ibm_z | — | — |
| redhat | openshift_container_platform_for_ibm_z | — | — |
| redhat | openshift_container_platform_for_ibm_z | — | — |
| redhat | openshift_container_platform_for_linuxone | — | — |
| redhat | openshift_container_platform_for_linuxone | — | — |
| redhat | openshift_container_platform_for_linuxone | — | — |
| redhat | openshift_container_platform_for_power | — | — |
| redhat | openshift_container_platform_for_power | — | — |
| redhat | openshift_container_platform_for_power | — | — |